CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 1CVE-2007-4543
https://notcve.org/view.php?id=CVE-2007-4543
27 Aug 2007 — Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en enter_bug.cgi en Bugzilla 2.17.1 hasta la 2.20.4, 2.22.x anterior a 2.22.3, y 3.x anterior a 3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo buildid en l... • http://osvdb.org/37201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5455
https://notcve.org/view.php?id=CVE-2006-5455
23 Oct 2006 — Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editversions.cgi en Bugzilla anterior a 2.22.1 y 2.23.x anteriores a 2.23.3 permite a atacantes remotos con intervención del usuario crear, modificar o borrar informes de "bugs" de su elección mediante una URL cr... • http://secunia.com/advisories/22409 •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 1CVE-2006-0913
https://notcve.org/view.php?id=CVE-2006-0913
28 Feb 2006 — SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. • http://secunia.com/advisories/18979 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2006-0914
https://notcve.org/view.php?id=CVE-2006-0914
28 Feb 2006 — Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. • http://www.securityfocus.com/archive/1/425584/100/0/threaded • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2173
https://notcve.org/view.php?id=CVE-2005-2173
08 Jul 2005 — The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428 •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2174
https://notcve.org/view.php?id=CVE-2005-2174
08 Jul 2005 — Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. • http://securitytracker.com/id?1014428 •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2005-1563
https://notcve.org/view.php?id=CVE-2005-1563
14 May 2005 — Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 2CVE-2005-1564
https://notcve.org/view.php?id=CVE-2005-1564
12 May 2005 — post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. • http://marc.info/?l=bugtraq&m=111592031902962&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 3CVE-2005-1565
https://notcve.org/view.php?id=CVE-2005-1565
12 May 2005 — Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2004-1061
https://notcve.org/view.php?id=CVE-2004-1061
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 •